Copyright 2011 Trend Micro Inc. Trend Micro Real-Time Threat Management June 13, 2011—launch date; Press Presentation Dan Glessner, Vice-President, Enterprise Marketing Kevin Faulkner, Director, Product Marketing

Trend micro real time threat management press presentation

Page 1: Trend micro real time threat management press presentation

Copyright 2011 Trend Micro Inc.

Trend Micro Real-Time Threat Management

June 13, 2011—launch date; Press Presentation

Dan Glessner, Vice-President, Enterprise Marketing

Kevin Faulkner, Director, Product Marketing

Page 2: Trend micro real time threat management press presentation

Advanced Targeted Threats

Empowered Employees

De-Perimeterization

Virtualization, Cloud, Consumerization & Mobility

Today, Traditional Security is Insufficient

Source: Forrester

i.e., Stuxnet, Epsilon, Aurora, Mariposa, Zeus, Sony PlayStation, etc.

& Wikileaks

Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware!

Page 3: Trend micro real time threat management press presentation

The Need for Real-time Risk Management

Source: Verizon 2011 Data Breach Report

1/3 of infections result in compromise within minutes, but most are not discovered or contained for weeks or months!

Page 4: Trend micro real time threat management press presentation

Analysts and Influencers Urge Action

“Zero-Trust” security model Use of Network Analysis and Visibility Tools

“Lean Forward” proactive security strategy Use of Network Threat Monitoring Tools

“Real-Time Risk Management” Use of Threat Monitoring Intelligence

US Federal Risk Management Framework Calls for “Continuous Monitoring”

Page 5: Trend micro real time threat management press presentation

Increased IT Security Priority: Vulnerability and Threat Management

Source: Forrsights Security Survey, Q3 2010

Since 2008, “Managing vulnerabilities and threats” has moved from #5 to #2

“Which of the following initiatives are likely to be your firm’s top IT security priorities over the next 12 months?”

Page 6: Trend micro real time threat management press presentation

Announcing: Trend Micro Real-Time Threat Management Solutions

• Detect, analyze and remediate advanced threats

• Investigate incident events and contain their impact

• Monitor and optimize security posture

• Manage vulnerabilities & proactive virtual patching

• Augment security staff & expertise

Network-Wide Visibility and Control

Actionable Threat Intelligence

Timely Vulnerability Protection

Threat Management System

Dynamic Threat Analysis System

Threat Intelligence Manager

Vulnerability Mgmt. Services

Deep Security Virtual Patching

Smart Protection Network Intelligence

Risk Management Services

Page 7: Trend micro real time threat management press presentation

Trend Micro Threat Management System

TMS is a Network Analysis and Visibility solution that provides the real-time visibility, insight, and control to protect your company from advanced persistent attacks

Network Threat Detection & Deterrence

Automated Remediation

Malware Forensic Analysis Platform

Multi-Level Reporting

Risk Management Services Offering

Over 300 Enterprise & Government Customers WW

Page 8: Trend micro real time threat management press presentation

TMS: Visibility – Insight – Control

Data Center

APT Implanted Via Web, Email, USB…

Threat Discovery Appliance

Command & Control Server

APT Communication Detected

Threat Mitigator

Additional Analysis

Detailed Reports:

• Incident Analysis

• Executive Summary

• Root-cause Analysis

• Signature-free clean up

• Root-cause analysis

Threat Confirmed

Page 9: Trend micro real time threat management press presentation

Detection Capabilities

New – DTAS Sandbox Detection Engine

New – Document Exploit Engine

• Multiple unique threat engines

• 24 hour event correlation

• Continually updated threat relevance rules

• Data loss detection

• Tracks unauthorized app usage and malicious destinations

• Powered by Smart Protection Network and dedicated Trend researchers

Best Detection Rates

Lowest False Positives

Real-Time Impact

Page 10: Trend micro real time threat management press presentation

TMS + Dynamic Threat Analysis System

• Sandbox execution

• Malware actions & events

• Malicious destinations

• C&C Servers contacted

• Exportable reports & PCAP files

• Backend integration into TMS reporting & Mitigator

Integrated malware execution and forensic analysis

Threat Discovery Appliance

Direct File Submission

Other Trend Products

Page 11: Trend micro real time threat management press presentation

Event Management Customer Pain Points

*SAN Survey Data 2010

Wide gap between those who know they have a problem, and those who have a solution

Page 12: Trend micro real time threat management press presentation

Trend Micro Threat Intelligence Manager

Delivers threat intelligence and impact analysis needed to identify and reduce exposure to advanced threats.

Incident Analysis and Security Posture Monitoring

Real-Time Threat Analysis and Visualization

Provide Actionable Intelligence for active threats

Visualize event relationships in an attack

Office Scan: Incident Discovery

Threat Discovery Appliance: Suspicious Network Behavior

Threat Intelligence Manager: Threat Analysis and Response

Deep Security: System Integrity

Consolidates threat events and uses advanced visualization and intelligence to uncover the hidden threats!

Page 13: Trend micro real time threat management press presentation

What Threat Intelligence Manager Enables

Customers can:

• Identify the hidden or advanced threats

• Visualize the lifecycle of an attack

• Establish custom alerts for tracking future events

• Customized reporting and executive reporting

• Scorecards for monitoring security posture

• Answer key questions:

– Are there suspicious events that I am missing from my logs?

– Are there outbound active connections from compromised systems?

– Are there additional endpoints with similar behaviors as the compromised system?

– What systems are involved in the attack, and what steps can I take to defend?

Page 14: Trend micro real time threat management press presentation

Customizable Dashboard

Access and visualization by role and responsibility

Page 15: Trend micro real time threat management press presentation

Threat Intelligence Manager

Threat Management System

Dynamic Threat Analysis System

Endpoints

Network

Servers

• Multi-point detection

• Validation

• Threat Analysis

• Impact Assessment

• Automated Remediation

• Pro-active Protection

Real-Time Threat Management In Action

Page 16: Trend micro real time threat management press presentation

Benefits of Trend Micro Real-Time Threat Management Solutions

[Timeline figure: Level of Damage from APT across the stages Entry, Compromise, Discovery and Containment; time-scale labels: Hours, Days / Weeks, Weeks / Months]

Trend expedites containment – helping identify, remediate and protect infiltrated and susceptible systems

• Intelligent threat and log analysis

• Automated remediation

• Virtual patching

If entry successful, Trend shortens the time to discovery – minimizing the risk and damages of actual compromise

• Network-level analysis & visibility

• Intelligent threat and log analysis

• HIPS, virtual patching, Integrity Monitoring

Trend minimizes the likelihood of APT intrusion – blocking threat exposure, vulnerability and communication

• Smart Protection Network reputation intelligence

• Network-level analysis & visibility

• Vulnerability scanning & virtual patching

Page 17: Trend micro real time threat management press presentation

New Risk Management Services

• Proactive monitoring and alerting

• Threat analysis and advisory

• Threat remediation assistance

• Risk posture review and analysis

• Strategic security planning

Augment stretched IT security staff

Put Trend Micro Threat Researchers and Service Specialists on your team

A complete portfolio designed to further reduce risk exposure and security management costs

Increase IT security responsiveness and expertise

Page 18: Trend micro real time threat management press presentation

Why Trend Micro?

Trend Micro is the only vendor providing integrated real-time protection and risk management against advanced targeted threats.

Network-Wide Visibility and Control

Actionable Threat Intelligence

Timely Vulnerability Protection

Threat Management System

Dynamic Threat Analysis System

Threat Intelligence Manager

Vulnerability Mgmt. Services

Deep Security Virtual Patching

Smart Protection Network Intelligence

Risk Management Services

“Trend Micro has always impressed me with its understanding of what its customers are going through and this reiterates it again.”

Richard Stiennon, IT-Harvest

Page 19: Trend micro real time threat management press presentation

Appendix

Page 20: Trend micro real time threat management press presentation

The Virtual Patching Solution

Risk Mgt & Compliance

• Close window of vulnerability for critical systems and applications

• Protect “unpatchable” systems

• Meet 30-day PCI patch requirement

Operational Impact

• Reduce patch cycle frequency

• Avoid ad-hoc patching

• Minimize system downtime

Trend Micro Security Center provides Virtual Patches within hours of vulnerability disclosure

• Automated centralized distribution

• Protection available:

– Deep Security product module

– With OfficeScan IDF plugin

[Diagram labels: Trend Micro Security Center; Automated Monitoring; Application Analysis; Filter “Patch” Development; Protection Delivery; Physical / Virtual / Cloud Servers; Endpoints & Devices]

Page 21: Trend micro real time threat management press presentation

Vulnerability Management System

• Vulnerability scanning

– Vulnerability scanning of internal and external devices

– Patch and configuration recommendations

• Web application scanning

– Web site crawler to detect application design vulnerabilities like SQL injection and cross-site scripting etc.

• PCI compliant scanning

– Vulnerability scanning with reports for PCI

– Trend is an Approved Scanning Vendor

• Policy compliance

– Define and track compliance with device security policies

• SaaS based management portal

– Hosted scans of external devices

– On-premise appliance for scanning internal devices managed from SaaS portal

– On-demand scan

Page 22: Trend micro real time threat management press presentation

Flavors of “Intelligence”

Security Information & Event Management (SIEM):

• The collection and advanced analysis of logs/events across all security disciplines into a central platform, for high-level status and event review.

Threat Intelligence is:

• Threat Intelligence is a complementary technology to SIEM, with greater focus on the “threat space” of security

Page 23: Trend micro real time threat management press presentation

Advanced Visualization & Impact Analysis

Visualize the relationship between cause and effect of each threat event, and fully understand the impact

Page 24: Trend micro real time threat management press presentation

Jan 2011 results of testing conducted by AV-Test.org (qualified for internal use)

Results from T+60 test

Trend Micro Smart Protection Network

Page 25: Trend micro real time threat management press presentation

http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/nss-labs/index.html?cm_re=HP:Sub:1-_-CORP-_-NSSlabs02

Trend Micro Smart Protection Network

Page 26: Trend micro real time threat management press presentation

Industry-proven real-world protection

Note: If multiple products from one vendor were evaluated, then vendor’s best performance is listed.

*1 : http://www.nsslabs.com/research/endpoint-security/anti-malware/

*2 : http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/index.html

*3 : http://www.dennistechnologylabs.com/reports/s/a-m/trendmicro/PCVP2010-TM.pdf (Dec. Test performed for Computer Shopper UK)

*4 : http://www.av-comparatives.org/images/stories/test/dyn/stats/index.html

Trend Micro Smart Protection Network

Page 27: Trend micro real time threat management press presentation

Interactive drill-down dashboards

• Navigate across corporate groups

• Pin-point infected sources

• Perform root-cause analysis

• Track suspicious user behavior and application usage

• Detect leakage of regulated data

• Customizable event alarms

• Multi-level reporting for managers and executives

• Available on-premise or hosted

Threat Management Portal

Coming 2H 2011

• Improved drill down capability

• Sandbox analysis workbench

Page 28: Trend micro real time threat management press presentation

Threat Mitigator Technology: Root-cause and signature-free cleanup

   

Cleanup request received

Check forensic logs

Locate which process performed malicious activity

Remove malware process, file and registry entries

Locate and remove parent malware

Locate and remove child malware

In case of failure, a custom cleanup kit is automatically generated by Trend

Page 29: Trend micro real time threat management press presentation

Risk Management Services

Bronze Services

• On-demand advisory services

• On-demand remediation services

• Priority event alerting

• 8X5 access

• Product installation and configuration

Silver Services

• Bronze package plus…

• Weekly report reviews & advisory

• Monthly status; Quarterly reviews

• 24X7 access for urgent issues

Gold Services

• Silver package plus…

• Daily report reviews & advisory

• Customized security planning

• Annual assessment and training

Diamond Services

• Gold package plus…

• Daily monitoring & communication

• Complete tailored services delivery

• Dedicated Technical Account Manager

A component of Trend Micro Technical Account Management Services

Page 30: Trend micro real time threat management press presentation

Over 300 Enterprise and Government Customers WW

Global Security & Logistics Co.